2012 began with a report from IDC stating “Signature-based tools (anti-virus, firewalls and intrusion prevention) are only effective against 30–50 percent of current security threats. Moreover, customers expect the effectiveness of signature-based security to continue to decline rapidly.”[1] Much of this can be attributed to how attacks have evolved to specifically counter those defenses. To address this exposure, it was recommended that organizations consider “a shift in security posture toward being more proactive”[2]. Based on technology, security intelligence and rigorous analysis of threat trends, these predictions have been collected from the global Websense® Security Labs™ team to give readers insight into some of the key threats you should prepare for in 2013.

We encourage you to use the following 7 predictions to review your current defenses and identify security gaps in 2013 and beyond.

1 Cross-Platform Threats

Mobile devices will be the new target for cross-platform threats.

The top three mobile platforms hackers will target are Windows 8, Android and iOS. Cross platform exploits will make this easier via HTML5 and Java. In 2013, the rate of threat growth on Microsoft mobile devices will be the highest. Cybercriminals operate toward similar objectives as legitimate application developers and focus on the most profitable platforms. As development barriers are removed, mobile threats will be able to leverage a huge library of shared code. Attackers will also continue to increasingly use social engineering lures to capture user credentials on mobile devices.

2 Malware in App Stores

Legitimate mobile app stores will host more malware in 2013.

Malicious apps will increasingly slip through validation processes. They will continue to pose risks to organizations enabling bring your own device (BYOD) policies. We will see an increased volume of malware hosted in legitimate mobile app stores. In addition, jail-broken/rooted devices and non-sanctioned app stores will pose significant risk to enterprises as more allow BYOD.

3 Government-Sponsored Attacks

Government-sponsored attacks will increase as new players enter.

Expect more governments to enter the cyber-warfare arena. In the wake of several public cyber-warfare events, there are a number of contributing factors that will drive more countries toward these strategies and tactics. While the effort to become another nuclear superpower may be insurmountable, almost any country can draft the talent and resources to craft cyber-weapons. Countries and individual cybercriminals all have access to the blueprints for previous state-sponsored attacks like Stuxnet, Flame and Shamoon.

4 Bypass of Sandbox Detection

Cybercriminals will use bypass methods to avoid traditional sandbox detection.

More organizations are utilizing virtual machine defenses to test for malware and threats. As a result, attackers are taking new steps to avoid detection by recognizing virtual machine environments. Some potential methods will attempt to identify a security sandbox, just as past attacks targeted specific AV engines and turned them off. These advanced attacks will remain hidden until they are sure they aren’t in a virtual security environment.

5 Next Level Hacktivists

Expect hacktivists to move to the next level as simplistic opportunities dwindle.

Driven by highly publicized hacktivist events in recent years, organizations have invested in the deployment of increasingly better detection and prevention policies, solutions and strategies. Hacktivists will move to the next level by increasing their sophistication for success.

6 Malicious Emails

Malicious emails are making a comeback.

Timed and targeted spear-phishing email attacks, along with an increase in malicious email attachments, are providing new opportunities for cybercrime. Malicious email will make a comeback. Domain generation algorithms will also bypass current security to increase the effectiveness of targeted attacks.

7 CMS Attacks

Cybercriminals will follow the crowds to legitimate content management systems and web platforms.

Vulnerabilities in Wordpress have frequently been exploited with mass compromises. As other content management systems (CMS) and service platforms increase in popularity, the bad guys will routinely test the integrity of these systems. Attacks will continue to exploit legitimate web platforms, requiring CMS administrators to pay greater attention to updates, patches, and other security measures. Cybercriminals compromise these platforms to host their malware, infect users and invade organizations to steal data.


Information security continues to grow more complex, and 2013 will be no exception. Yet, by providing traditional security predictions along with more contextual information, security personnel can more easily perform the necessary periodic security evaluations and develop specific action plans to both tighten defenses and prepare them for the coming threats.

Portions of this report may also be useful for educating those who are less aware of security issues around emerging technologies such as mobile devices. Or that the overall threat from cyber-attacks continues to grow despite the fact that attacks tend to affect few people—because of the sheer number of attacks that continues to increase.

In the end, this report is focused on key changes to be faced in the coming year. It is important to keep in mind that these predictions are not about ‘replacement’ threats, but ‘additional’ threat techniques that will be added to the arsenal of the cybercriminal. Some represent new ways of conducting an attack, while most will simply be used as one part of a multi-stage, blended attack.

For a more comprehensive review of your current security posture, and your state of preparedness for future attacks, we recommend reviewing the multiple stages of attacks as discussed in the Websense 2012 Annual Threat Report. An attack can be stopped at any stage, and a comprehensive defense plan will ensure measures are in place to address an attack at any stage.


Mobile devices have become so powerful they risk greater exposure to cross-platform threats, including the Java-based threats discussed in detail within the full report. Strong competition and a cloud-based maintenance and delivery model also means that features and capabilities are changing more rapidly than ever before. The introduction of these new capabilities is followed by new applications, which feed continuous changes to the mobile work, play, and threat landscapes - along witht he inherent risks we must mitigate.

To read more, download the full 2013 Security Predictions Report.


To conduct phishing activities, cyber criminals often plan around predictable themes such as the World Cup, elections, tax time or other publicized events. Other socially engineered themes take advantage of unpredictable opportunities, such as an earthquake or the death of a celebrity. Other than an increase in professionally themed attacks, little has changed in phishing messaging. However, in a world with so many blended threats designed to attack multiple stages using email, cybercriminals developed a number of interesting technical modifications to their attacks.

To read more, download the full 2013 Security Predictions Report.


Java was released in 1995 to provide developers a platform where they can develop and maintain a single application, yet offered to users of a wide variety of operating systems. Today, Java can be found on 1.1 billion PCs, 3 billion mobile devices and every Blu-ray player in the world. The Java platform has also been embraced to simplify development and maintenance of programs operating in almost any appliance or device with a computer chip. Unfortunately, as we saw during the mid-2012 threat season, Java is as exploitable as other popular applications, platforms and operating systems. Indeed it's very popularity, combined with its capabilities, make it a high-value target for cybercrime.

To read more, download the full 2013 Security Predictions Report.